VAR-201112-0097
Vulnerability from variot - Updated: 2024-07-23 22:29Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codesys sp4 patch",
"scope": "eq",
"trust": 3.5,
"vendor": "3s smart",
"version": "3.42"
},
{
"model": "codesys",
"scope": "lte",
"trust": 1.0,
"vendor": "3ssoftware",
"version": "3.4"
},
{
"model": "codesys",
"scope": "lte",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.4 sp4 patch 2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "codesys",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.6,
"vendor": "3ssoftware",
"version": "3.4"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.3,
"vendor": "3s smart",
"version": "3.4"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.3,
"vendor": "3s smart",
"version": "2.3"
},
{
"model": "codesys",
"scope": "ne",
"trust": 0.3,
"vendor": "3s smart",
"version": "3.5"
},
{
"model": "codesys",
"scope": "ne",
"trust": 0.3,
"vendor": "3s smart",
"version": "2.3.9.32"
}
],
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:3ssoftware:codesys:*:sp4:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
}
],
"trust": 0.6
},
"cve": "CVE-2011-5007",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-5007",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2011-5591",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "45e2b734-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "45e91728-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-5007",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2011-5591",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-447",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5007"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
}
],
"trust": 5.85
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-5007",
"trust": 4.7
},
{
"db": "BID",
"id": "50849",
"trust": 3.3
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-336-01A",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "77387",
"trust": 2.2
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "18187",
"trust": 1.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-336-01",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "47018",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5591",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-12-320-01",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2011-5128",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5125",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5127",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5126",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20111129 VULNERABILITIES IN 3S CODESYS 3.4 SP4 PATCH 2",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-006-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "45E2B734-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "45E91728-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "5B319126-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7D2BF0-463F-11E9-BF0D-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "4143B83E-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "84AF9D86-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7E1D2E16-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"id": "VAR-201112-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
}
],
"trust": 5.12310607
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 4.4
}
],
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
}
]
},
"last_update_date": "2024-07-23T22:29:05.132000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.3s-software.com/"
},
{
"title": "3S CoDeSys CmpWebServer component buffer overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/37428"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.3,
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01a.pdf"
},
{
"trust": 2.2,
"url": "http://osvdb.org/77387"
},
{
"trust": 1.6,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01.pdf"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/18187"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/47018"
},
{
"trust": 1.6,
"url": "http://seclists.org/bugtraq/2011/nov/178"
},
{
"trust": 1.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-320-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5007"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5007"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50849"
},
{
"trust": 0.3,
"url": "http://www.3s-software.com/index.shtml?en_codesysv3_en"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-006-01.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"date": "2011-11-29T00:00:00",
"db": "BID",
"id": "50849"
},
{
"date": "2011-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"date": "2011-12-25T01:55:04.647000",
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"date": "2012-11-15T23:10:00",
"db": "BID",
"id": "50849"
},
{
"date": "2011-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"date": "2011-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"date": "2013-05-21T03:12:51.183000",
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3S CoDeSys CmpWebServer Component Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
}
],
"trust": 1.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
}
],
"trust": 2.0
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…